Senior Program Manager - Compliance & Data Protection

Hi, we’re Gravie. Our mission is to improve the way people purchase and access healthcare through innovative, consumer-centric health benefit solutions that people can actually use. Our industry-changing products and services are developed and delivered by a diverse group of unique people. We encourage you to be your authentic self - we like you that way.

A Little More About The role:

We are seeking an experienced Senior Program Manager of Compliance and Data Protection to lead regulatory compliance initiatives, implement health care compliance requirements, and data privacy frameworks. This key role will manage our organization's adherence to complex regulatory requirements to enhance our strategic compliance posture, and ability to adopt new and emerging privacy requirements. 

The ideal candidate brings deep expertise in healthcare regulatory frameworks along with demonstrated success in data privacy program management. 

You will:

-Lead Compliance and Data Privacy Programs for the organization by maintaining regulatory documents, managing routine compliance inquiries, conducting compliance investigations and audits, and directing privacy initiatives. 

-Develop and implement a comprehensive SOC 2 audit preparation process and ensure complete alignment with Trust Services Criteria (TSC). Create sustainable compliance infrastructure for ongoing audit maintenance.

-Assist with development of a regulatory change management process.

-Provide guidance and interpretation of complex regulatory requirements to internal stakeholders.

-Serve as primary liaison for researching and responding to regulatory inquiries.

-Manage privacy incident response, including investigations, remediation, and regulatory reporting.

-Map data flows across enterprise systems to identify vulnerabilities, implement appropriate controls, and ensure regulatory compliance throughout information lifecycles.

-Monitor privacy regulations (state laws, GLBA, PCI DSS, GDPR) to assess applicability, maintain organizational readiness, and oversee implementation of new requirements.

-Collaborate with cross-functional teams (Legal, IT, Operations) on compliance and data privacy related projects and initiatives.

You bring: 

-Bachelor's degree 

-7+ years of experience in a highly regulated industry such as healthcare or finance, and demonstrated familiarity with regulatory compliance.

-Experience in information security, compliance, or related field

-Strong analytical skills and ability to interpret complex regulatory requirements

-Excellent written and verbal communication skills with ability to translate legal requirements into actionable guidance

-Experience developing and implementing policies and procedures

-Proven ability to work independently and prioritize multiple competing demands

-Strong project management and organizational skills

-Existing or development of expert knowledge of healthcare privacy frameworks combined with strategic vision to transform compliance requirements into actionable safeguards.

Extra credit: 

-Previous start up company experience

-In-depth knowledge of HIPAA privacy and security requirements 

-Privacy certifications such as CIPP, CIPM, CIPT, or CISA

-Experience with SOC 2 compliance preparation

-Healthcare or financial services industry experience

-Experience with privacy technology solutions and tools

-Knowledge of international privacy regulations (GDPR, etc.)

Gravie: 

In order to transform health insurance and build a health plan everyone can love, we need talented people doing amazing work. In exchange, we offer a great overall employee experience with opportunities for career growth, meaningful mission-driven work, and an above average total rewards package.

The salary range for this position is $105,000 - $175,000 annually. Numerous factors including, but not limited to, education, skills, work experience, certifications, etc. will be considered when determining compensation. 

Our unique benefits program is the gravy, i.e., the special sauce that sets our compensation package apart. In addition to standard health and wellness benefits, Gravie’s package includes alternative medicine coverage, flexible PTO, up to 16 weeks paid parental leave, paid holidays, a 401k program, cell phone reimbursement, transportation perks, education reimbursement, and 1 week of paid paw-ternity leave. 

A Little More About Us:

We know healthcare. Our company was founded and is still led by industry veterans who have started and grown several market-leading companies in the space.

We have raised money from top tier investors who share the same long-term vision as we do of building an industry defining company that will endure over the long run. We are well capitalized.

Our customers like us. Our revenue churn is in the low single digits, in an industry where greater than 20% churn is common.

Our culture is unique. We tend to be non-hierarchical, merit-driven, opinionated but kind people who thrive working in a high-performance, fast-paced environment. People at Gravie care deeply about making a positive impact in the lives of the people we serve. We may not be the right place for everybody, but if you get energized by doing work every day that focuses on putting consumers at the front of the line, we could be a great place for you. It takes unique people and diverse perspectives to deliver our results. We encourage you to be your authentic self – we like you that way.